Prevent non-superusers from modifying site settings
Review Request #8330 — Created Aug. 15, 2016 and submitted
Previously, any staff member (superuser or non-superuser) could change
any of the site settings. We now prevent all non-superuser staff members
from accessing site settings views so that they cannot. A new decorator
(similar to Django's staff_member_required) has been added to
accomplish this.
- Manually verified that superusers can still change settings.
- Manually verified that non-superusers are shown a permission denied
  page.
- Manually verified that unauthenticated users are shown a login form.
| Description | From | Last Updated |
|---|---|---|
| This is no longer correct. It should probably also mention that users should use @login_required first. | david | |
| I think it's a little confusing to redirect to the login page if a user is already logged in. Can … | david | |
| It's only luck that's making flake8 not complain about this. Can we put all the arguments on the next line … | david | |
- Commit:
-
cdf98e896c37c1117b9fe8357481a4635ec4fb08160be56942b316f3040b6e68f1b19aa610cce726
- Diff:
-
Revision 2 (+54 -3)
- Added Files:
-
Tool: Pyflakes
Processed Files: reviewboard/admin/views.py, reviewboard/admin/decorators.py
Ignored Files: reviewboard/templates/admin/permission_denied.html, reviewboard/static/rb/css/pages/admin.less

Tool: PEP8 Style Checker
Processed Files: reviewboard/admin/views.py, reviewboard/admin/decorators.py
Ignored Files: reviewboard/templates/admin/permission_denied.html, reviewboard/static/rb/css/pages/admin.less
- Testing Done:
-
~ Testing done:
~ - Manually verified that superusers can still change settings. ~ - Manually verified that non-superusers are redirected to the login ~ - Manually verified that superusers can still change settings.
~ - Manually verified that non-superusers are shown a permission denied
page.
~ - Manually verified that unauthenticated users are shown a login form.
- page.